Vulnerabilities > Yiiframework > YII > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-07-28 CVE-2022-31454 Cross-site Scripting vulnerability in Yiiframework YII 2.0.45
Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books.
network
low complexity
yiiframework CWE-79
6.1
6.1
2021-08-10 CVE-2021-3692 Use of Insufficiently Random Values vulnerability in Yiiframework YII
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
network
low complexity
yiiframework CWE-330
5.3
5.3
2019-01-28 CVE-2018-20745 Origin Validation Error vulnerability in Yiiframework YII
Yii 2.x through 2.0.15.1 actively converts a wildcard CORS policy into reflecting an arbitrary Origin header value, which is incompatible with the CORS security design, and could lead to CORS misconfiguration security problems.
network
high complexity
yiiframework CWE-346
5.9
5.9
2017-07-21 CVE-2017-11516 Cross-site Scripting vulnerability in Yiiframework YII 2.0.12
An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled.
network
low complexity
yiiframework CWE-79
6.1
6.1